Award-winning news, views, and insight from the ESET security community

419 and Mac scams

I forwarded this to myself from another account yesterday because I thought it was one of the laziest 419 scam messages I’d ever seen.

From: British Tobacco Company
Sent: 27 August 2009 19:46
Subject: Contact Mr Paul Adams

Congratulations! Your e-mail ID was among the selected lucky winners of £1,000.000.00 GBP in our BRITISH TOBACCO PROMO.Get back to us with your Name..Coutry..Occupation..Age

Well, short and to the point, I suppose. The hard sell social engineering will follow if you’re naive enough to follow this up. However, I’ve removed the mailto address at lo.com. Here’s another, received today.

We are pleased to inform you that your e-mail address has won the British America Tobacco Programme. reply today with your full names

Even better. The mailto, which I’ve removed here, too, indicates that it was sent from an educational site in Taiwan. You’d think the British American Tobacco company would be consistent about its own name, and would be able to afford its own domain in Britain (or even the US).

Still, £2 million in two days is a nice bonus. Maybe I can afford to retire next year. :)

By the way, have you ever noticed that “scam” spelt backwards is “Macs”? No, I’m not indulging in a little gratuitous Macfreak-baiting. (Not that I’m above that…) That’s just a rather forced segue to a warning that there are reports of sites offering free copies of Snow Leopard that are actually not Snow Leopard, but malware. Ironically, a DNSchanger-type program that isn’t detected by Snow Leopard’s File Quarantine utility.

Since I’m not here to taunt Mac fanboiz, I won’t even think about asking why it is that Mac malware is so often disguised as porn or as pirated software. ;-)